Server sends out a token with response

2025-03-23 17:45:51 -04:00 · 2025-03-23 17:45:51 -04:00 · 3688c202a4
parent 9f8b8057c3
commit 3688c202a4
1 changed files with 17 additions and 7 deletions
--- a/lobby.lua
+++ b/lobby.lua
@ -1,5 +1,6 @@
 require("oct_utils")
 require("termbox_defs")
+local sha = require("sha2")
 json = require "json"

 -- begin message type constants
@ -8,15 +9,18 @@ OCT_LOBBY_MSG_CLIENTUNREG = 1; -- Client unreg message
 OCT_LOBBY_MSG_CLIENTLIST = 2; -- Client list broadcast message
 OCT_LOBBY_MSG_START = 3; -- Start the game message
 OCT_LOBBY_MSG_PING = 4; -- Querying connection
-OCT_LOBBY_MSG_ACK = 5; -- "yes", used to respond to ping and other stuff
+OCT_LOBBY_MSG_ACK = 5; -- "yes"
 OCT_LOBBY_MSG_NAK = 6; -- "no"
 -- end message type constants

+math.randomseed(os.time())
+
 oct_lobby_clientlist = {};

 server_needs_broadcast_client_list = false
 lobby_server_first_call = true

+
 function lobby_server_checkclients()
   for k,v in pairs(oct_lobby_clientlist)
   do
@ -65,16 +69,20 @@ function lobby_server(maxplayers)
 			
 			oct_send(response, req_addr, req_port)
 		 else
-			response = json.encode({
-				  { msg_type = OCT_LOBBY_MSG_ACK }
-			})

 			oct_lobby_clientlist[req_name] = {}
 			oct_lobby_clientlist[req_name]["addr"] = req_addr
 			oct_lobby_clientlist[req_name]["port"] = req_port
 			oct_lobby_clientlist[req_name]["pinged"] = false
+			local token = sha.sha256(req_addr .. req_port .. tostring(math.random()))
+			
+			oct_lobby_clientlist[req_name]["token"] = token
 			OCT_LOG_INFO("Registered new client: " .. req_name .. " @ " .. req_addr .. ":" .. req_port)

+			response = json.encode({
+				  { msg_type = OCT_LOBBY_MSG_ACK, token = token }
+			})
+			
 			oct_send(response, req_addr, req_port)
 			-- Everytime client is registered, need to broadcast client list
 			server_needs_broadcast_client_list = true
@ -88,7 +96,7 @@ function lobby_server(maxplayers)
 			-- TODO this is insecure
 			-- have server issue a token based on a random number on registration and check against that
 			-- like SHA256(addr::port::rand())
-			if v["addr"] == req_addr and k == msg_obj["name"]
+			if v["addr"] == req_addr and v["token"] == msg_obj["token"]
 			then
 			   v["pinged"] = true
 			   break
@ -127,6 +135,7 @@ lobby_connect_message = nil -- messages displayed when attempting connection
 client_connect_ip = nil
 client_connect_port = nil
 client_connect_name = nil
+client_connect_token = nil

 -- Once connected, these elements display
 client_clientlist_sprite = oct_tb_sprite_new()
@ -148,7 +157,7 @@ end
 -- every 1 second, ping the server to let it know we are still alive
 function lobby_client_ping()
   local msg = json.encode({
-		 { msg_type=OCT_LOBBY_MSG_PING, name=client_connect_name }
+		 { msg_type=OCT_LOBBY_MSG_PING, token = client_connect_token }
   })
   oct_send(msg, client_connect_ip, client_connect_port)
   oct_timer_register("ping_server", 1000, "lobby_client_ping", "")
@ -215,6 +224,7 @@ function lobby_client(key, ch, my_port)
 	  if (client_wait_for_reg_response == true and
 		  msg_obj["msg_type"] == OCT_LOBBY_MSG_ACK) then
 		 OCT_LOG_INFO("Server accepted registration request!")
+		 client_connect_token = msg_obj["token"]
 		 lobby_connect_message["shape"] = "Connected"
 		 lobby_connect_message["fg"] = TB_GREEN
 		 client_connected = true
@ -223,7 +233,7 @@ function lobby_client(key, ch, my_port)
 		 lobby_clear_connect_form()
 		 -- ping the server to let them know we are alive
 		 local ping_msg = json.encode({
-			   { msg_type=OCT_LOBBY_MSG_PING, name=client_connect_name }
+			   { msg_type=OCT_LOBBY_MSG_PING, token = client_connect_token }
 		 })
 		 oct_send(ping_msg, client_connect_ip, client_connect_port)
 		 -- then ping every second